
Introduction

The primacy of healthcare cyber security is accompanied by challenges unique to the industry. On-the-go doctors demand frictionless secure remote access from any device. Healthcare organizations must meet compliance standards from HIPAA and other regulatory organizations. IT teams must address these demands while combating sophisticated threats and relentless cyber attacks. So how can they accomplish this? In this white paper, you will learn how healthcare organizations can use strong, adaptive authentication to solve the access control challenges that will lead to stronger ePHI protection and safer patient care.

Assert Your Identity

State of Security: Remote Access in Healthcare

We live in an era of sophisticated threats and relentless cyber attacks. Criminal rings are well-funded, well-organized and technically advanced, while emerging trends such as the Internet of Things, Big Data, BYOD and cloud mobility have left IT teams struggling to create security strategies equal to their technical capabilities.

For healthcare organizations, the quest for protection is especially critical. From keeping data safe and accessible to empowering patient care, healthcare IT security can be literally a matter of life or death. It's a challenge that grows ever more intense, given the rise in the black market value of electronic protected health information (ePHI) as credit card data drops in worth. Within nine months, the industry has seen the Community Health Systems breach, with 4.5 million individuals impacted; the attack on Premera Blue Cross, impacting 11 million; and finally the attack on Anthem, which affected an estimated 80 million individuals.[1] That's almost 30 percent of the entire U.S. population impacted by cybercriminals in under a year.[2]

As breaches become more frequent, their cost is rising - an estimated $6 billion USD for healthcare alone.[3] From HIPAA fines to a damaged brand reputation to the loss of customers and patients, just one breach can be a disaster for a hospital, clinic or private practice.

The Credential Conundrum

The primacy of healthcare cybersecurity is accompanied by challenges unique to the industry. On-the-go doctors demand frictionless secure remote access from any device. Password resets must be available remotely and preferably as a self-service function. Business strategists and departments drive technology decisions, leaving IT to create security programs that match those implementations. While they manage these dynamics, teams must also meet compliance standards from HIPAA and other regulatory organizations.

Many healthcare organizations rely on solutions like Citrix, a standard common in hospitals and other facilities. By enabling remote access, this technology improves patient care by delivering critical information at the point of contact in real time. Yet as it's evolved to offer increasing security, attackers have shifted their tactics to the next logical vulnerability: credentials.

To combat this growing risk, teams must reconsider their perimeter protections. With physicians, practitioners and employees relying on remote access to patient records, credentials have become the new keys to the data kingdom. Names, birthdates, insurance information, Social Security numbers, street addresses, addresses, employment information and income data are all available in healthcare systems - one reason the healthcare industry accounted for 42 percent of major data breaches reported in

While managing remote and cloud user access via passwords has always been complex, elements such as password sprawl and shifting architectures have intensified the demand for fresh security strategies. Consider the following challenges:

+ Remote access to EHR/EMR applications through VPNs must be secured beyond the vulnerable password.
+ Doctors and other users often resist additional security measures in the fast-paced world of medicine and healthcare administration.
+ Routine items such as password resets are burdensome if the user must be onsite to complete the task - a requirement that won't work for doctors rotating between facilities.
+ Physicians' opinions tend to carry extra weight when it comes to evaluating IT initiatives and programs, making their needs a prime consideration in implementing security solutions.
+ When confronted with an inconvenient security process, many staff will find another way to get their jobs done, even if it means flouting security and compliance policies.
+ Advances in medical technology drive much of the investment in new healthcare tools - leaving IT to ensure secure access to the applications chosen.
+ IT teams want to partner with business departments in embracing innovation - yet that innovation must fall within stringent security guidelines to ensure the safeguarding of patient data.

These dynamics leave healthcare leaders searching for a solution that can deliver both secure access and a frictionless user experience. Yet most platform-based or narrowly focused point solutions on the market today simply cannot enable strong authentication alongside ease of use. The good news: emerging technologies can provide the protected and convenient access that pleases healthcare providers while helping organizations achieve their security and compliance goals.

Several factors suggest the healthcare industry will continue to be plagued with data breach headlines in Data Breach Industry Forecast, Experian [5]

Advanced Security, World-Class Care

To operate effectively in today's healthcare IT climate, access control solutions must achieve a complex combination of flexibility, security, compliance and - above all - an inviting user experience. Specifically, the ideal healthcare IT solution will:

+ Deliver frictionless secure user access to any resource from any device, anywhere
+ Provide the user with self-service tools that support a diverse and dispersed user base
+ Enable teams to control the access and authentication for any technology initiative
+ Deliver secure access control that meets and even exceeds HIPAA requirements and other regulations
+ Provide strong and innovative methods to protect access to ePHI

In short, healthcare organizations must offer the smooth and secure remote access that enables physicians to provide excellent patient care whenever they need to, from wherever they are.

According to the Ponemon Institute, 90 percent of healthcare organizations have had at least one data breach in the past two years. 40 percent report that they have had more than five incidents.[6]

Adapting to a New Era in Security

Traditional two-factor authentication functionality has long been regarded as too cumbersome to offer the necessary balance between security and user experience. Yet by layering two-factor and adaptive authentication as additional layers of security on top of technologies like Citrix, healthcare teams can enjoy both advanced security and a swift and convenient user experience.

Adaptive authentication's benefit is that it takes security to a higher level without adding friction. As part of its risk analysis, it considers contextual factors such as IP address, device fingerprint, geo-location and IP reputation data while leveraging global threat intelligence to block attacks. Teams can customize workflows to enjoy greater visibility into authentication attempts, as well as greater control over authentication.

The result: stronger security partnered with a frictionless user experience.

Device fingerprinting in particular helps healthcare organizations embrace mobility while protecting their assets. By discerning between devices that match a stored footprint and devices that don't, this adaptive authentication technique provides secure access to data from any desktop, laptop, tablet or smartphone. Once a user is successfully authenticated, the solution captures and stores that device's unique characteristics, such as HTTP headers, IP addresses, browser fonts, browser plug-ins, user data storage, and time zone - essentially registering that device. Those characteristics are used to validate the user and device in the future, delivering a low-friction user experience without sacrificing security.

By layering these technologies, healthcare organizations can empower their physicians and providers to deliver the world-class care that is their mission, while protecting their data, patients and staff.

The FBI has warned the healthcare industry that their cyber security systems are lax compared to other sectors in a memo that stated, "The healthcare industry is not as resilient to cyber intrusions compared to financial and retail sectors, therefore the possibilities of increased cyber intrusions are likely."[6]

SecureAuth IdP: The New Face of Secure Remote Access

Your healthcare IT team can take advantage of an innovative solution that delivers security, control and a seamless user experience - SecureAuth IdP.

As most healthcare IT professionals know, Citrix offers strong remote access with NetScaler, including the benefit of built-in network security features. SecureAuth adds another layer of protection by delivering strong authentication in advance of those layers. The result? Secure, flexible, adaptive Two-Factor authentication in addition to Single Sign-On. Attackers attempting to exploit VPN connections are stopped in their tracks - even those equipped with valid passwords.

SecureAuth IdP enables your team to enjoy control over authentication for all on-premise, cloud, mobile, and VPN resources in a single solution. Your team can leverage your current legacy infrastructure while using IdP, thanks to an innovative architecture unique in the industry. With authentication challenges matched to risk factors, IdP helps your healthcare providers obtain the data they need to provide excellent patient care, whenever and wherever they are.

From Struggle to Security

A nonprofit organization based in Houston, Texas, Houston Methodist Hospital faced a classic healthcare security conundrum: doctors needed remote secure access so they could deliver the best patient care possible - but single-factor authentication wasn't secure enough. When multi-factor solutions were rejected by either staff or other technologies, the hospital turned to SecureAuth. They found it worked with their Citrix-based application, VPN, web reverse proxy, cloud-based SaaS apps and other technologies. Most importantly, physicians loved the frictionless user experience.

"It was really a home run in every category," reported Matt Johnson, Manager of Server Engineering, who said that SecureAuth enables the hospital to fulfill its mission of leading medicine while maintaining security. "They aren't even prompted for their credentials, let alone questions and answers - in fact, they often don't even realize authentication is happening. SecureAuth allows us to be the good guys who provide solutions instead of closing the door on them."

The 6 A's of Access Control: SecureAuth IdP in Action

With some of the industry's most advanced adaptive authentication capabilities, IdP performs dynamic risk analysis during authentication using multiple factors. By leveraging the 6 A's of strong access control, IdP goes beyond traditional security practices by protecting your identities from compromise while detecting attacks against them.

1) Accept: First IdP accepts the incoming identity from almost any source.
2) Authorize: Next it authorizes that identity by comparing it to your existing data store(s) to ensure its validity.
3) Authenticate: The identity is authenticated leveraging over 20 methods for Two-Factor authentication.
4) Analyze: During the first three steps, adaptive authentication analysis inspects the selected identity attributes. Before an identity is accepted, the IP address is analyzed using white and black lists and live threat intelligence from Norse. During authorization, the user's identity and group memberships are inspected and validated against the data store. During authentication, device fingerprints are examined along with geo-location and geo-velocity to further validate the identity. IdP then takes one of several actions: it permits the authentication to proceed, steps up the authentication and requires the user to fulfill a Two-Factor authentication workflow, redirects the user or denies access altogether.

5) Assert: Next IdP asserts the confirmed identity to the relevant resources, whether on premise, via mobile device, in the cloud, on the web or via VPN.
6) Audit: The final stage is audit and the ability to track and retain user access events, inspecting them with the SIEM tool of your choice.

One of IdP's strongest benefits is self-management features that allow healthcare providers to register themselves and their devices, or reset their passwords without assistance from IT, increasing user satisfaction and reducing your help desk costs. The result: single sign-on that streamlines access to all applications with one set of credentials across VPN, LAN, mobile, cloud and web connections.

Discover the SecureAuth IdP Difference

All-in-one security. SecureAuth IdP provides secure and convenient remote access in a single solution. With adaptive and two-factor authentication alongside single sign-on, IdP helps you meet both your security and compliance goals.

ePHI protection. Thanks to the latest innovations in adaptive authentication, IdP can drop a net around suspicious actors to keep them from moving laterally in your network. Teams can inspect IP addresses, analyze group memberships or check the plausibility of geo-location and velocity to easily build risk analysis into authentication workflows.

Speed and Convenience. With life or death decisions on the line, doctors and other users need fast and convenient access to data like diagnoses, medical histories and test results. IdP offers swift remote access, with authentication workflows that meet users where they are, from their iPads to the cloud to their laptops. Low-friction, transparent features like device fingerprinting keep the focus on patient care, while self-service features like password resets help users solve their own challenges without calling your help desk.

Friendly Integration. IdP easily supports over 20 two-factor authentication methods, including SMS, telephony and OTPs, push notification, OATH tokens, social network IDs, device fingerprints, and of course traditional smartcards and tokens. Instead of overhauling your current security infrastructure, IdP allows you to leverage your tools of today while acquiring what you'll need tomorrow.

Easier Innovation. Because business strategists and department heads drive more and more technology decisions, it's IT's job to ensure new solutions can be secured and integrated into existing infrastructure. IdP's broad range of support for applications in the cloud, on the web, via mobile, on premise and via VPN helps you feel confident about securing any new technology thrown your way. IdP puts control of the authentication process back in your hands, helping you stay agile without sacrificing security.
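The adaptive risk analysis described above (IP white and black lists, a stored device fingerprint, geo-velocity, then permit, step up or deny) can be sketched as follows. This is an added example, not SecureAuth's code: the thresholds, network ranges, attribute names and the policy that combines the signals are assumptions, and the redirect action is left out.

```python
import ipaddress
import math
from dataclasses import dataclass, field

# Assumed policy values and constructed networks (RFC 5737 documentation ranges).
DENY_NETS = [ipaddress.ip_network("203.0.113.0/24")]    # stand-in for a black list
ALLOW_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # stand-in for a white list
MAX_KMH = 900.0          # assumed ceiling for plausible travel speed
MIN_DEVICE_MATCH = 0.8   # assumed share of stored attributes that must match


@dataclass
class Login:
    ip: str
    lat: float
    lon: float
    epoch: float                      # seconds since the Unix epoch
    fingerprint: dict = field(default_factory=dict)


def ip_verdict(ip: str) -> str:
    """Classify the source address against the deny and allow lists."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in DENY_NETS):
        return "deny"
    if any(addr in net for net in ALLOW_NETS):
        return "allow"
    return "unknown"


def device_match(stored: dict, presented: dict) -> float:
    """Share of the registered fingerprint attributes presented unchanged."""
    if not stored:
        return 0.0
    same = sum(1 for key, value in stored.items() if presented.get(key) == value)
    return same / len(stored)


def geo_velocity_kmh(prev: Login, cur: Login) -> float:
    """Speed implied by two logins: great-circle distance over elapsed time."""
    p1, p2 = math.radians(prev.lat), math.radians(cur.lat)
    dlat, dlon = p2 - p1, math.radians(cur.lon - prev.lon)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    km = 2 * 6371.0 * math.asin(math.sqrt(min(1.0, a)))
    # Clock skew or replayed timestamps give zero or negative gaps; clamp so
    # any real distance then reads as implausible instead of dividing by zero.
    hours = max((cur.epoch - prev.epoch) / 3600.0, 1e-6)
    return km / hours


def decide(cur: Login, prev: Login = None, stored_fp: dict = None) -> str:
    """Return 'permit', 'step_up' or 'deny' for one authentication attempt."""
    verdict = ip_verdict(cur.ip)
    if verdict == "deny":
        return "deny"
    known_device = device_match(stored_fp or {}, cur.fingerprint) >= MIN_DEVICE_MATCH
    # Assumed policy: an allow-listed network is trusted for location.
    plausible = (verdict == "allow" or prev is None
                 or geo_velocity_kmh(prev, cur) <= MAX_KMH)
    if not plausible and not known_device:
        return "deny"          # two independent signals disagree with the user
    if not plausible or not known_device:
        return "step_up"       # one weak signal: require a second factor
    return "permit"


if __name__ == "__main__":
    # Constructed sample data: a registered device, then a login an hour later
    # from another continent.
    fp = {"user_agent": "ExampleBrowser/1.0", "time_zone": "America/Chicago",
          "fonts": "Arial,Calibri", "plugins": "pdf"}
    houston = Login("192.0.2.10", 29.76, -95.37, 0, fp)
    london = Login("192.0.2.77", 51.51, -0.13, 3600, fp)
    print(round(geo_velocity_kmh(houston, london)), decide(london, houston, fp))
```
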

Rapid deployment. IdP's GUI-based configurator lets you point and click your way through building workflows, rather than coding. Because IdP is delivered on hardened appliances that are plug and play, as well as isolated from hacks, your risk is reduced and your time to value accelerated.

Compliance made simple. IdP helps you prove you're delivering strong and secure authentication that satisfies HIPAA standards. Instead of maintaining separate logs for each application, you can unify all access activity through IdP, with your logs shipped to your SIEM tool of choice.

Stopping Tomorrow's Attacks with Secure Remote Access Today

The rising tide of cybercrime has taught healthcare organizations they must all proactively minimize their risk before an attack. By opening a doorway to smooth and secure remote access, SecureAuth IdP offers stronger data protection and a user experience that helps physicians offer exceptional patient care and helps healthcare organizations succeed at their missions today and tomorrow.

Stop healthcare breaches before they stop you. Request a SecureAuth IdP demo today and find out how SecureAuth can help you solve your access control challenges for stronger ePHI protection and safer patient care.

[1] The Biggest Health Breaches, Healthcare IT News, March
[2] Defenders Unite Against Cyber Threats in Healthcare, May
[3] Fifth Annual Study on Privacy and Security of Healthcare Data, Ponemon Institute, May
[4] Data Breach Industry Forecast, Experian,
[5] Data Breach Industry Forecast, Experian,
[6] Fifth Annual Study on Privacy and Security of Healthcare Data, Ponemon Institute, May
[7] The FBI warns healthcare sector vulnerable to cyber attacks, Reuters, April 2014

ABOUT SECUREAUTH

Based in Irvine, California, SecureAuth offers identity and information security solutions that deliver innovative access control for on-premise, cloud, mobile and VPN systems to millions of users worldwide. SecureAuth IdP provides adaptive and Two-Factor authentication alongside Single Sign-on (SSO) in one solution. Its unique architecture enables organizations to leverage legacy infrastructures while also embracing next-generation technologies, so they can preserve existing investments while also meeting today's security challenges and tomorrow's. For the latest insights on secure access control, follow the SecureAuth blog, on Twitter, or visit
